1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Add basic DoS prevention measures

This commit is contained in:
Lauri Võsandi 2017-07-29 23:19:37 +03:00
parent dc67e46010
commit f069688a9a

View File

@ -5,6 +5,9 @@
# #
# Also uncomment URL rewriting and SSL configuration below # Also uncomment URL rewriting and SSL configuration below
limit_req_zone $binary_remote_addr zone=api:10m rate=30r/m;
limit_conn_zone $binary_remote_addr zone=addr:10m;
server { server {
server_name {{ common_name }}; server_name {{ common_name }};
listen 80 default_server; listen 80 default_server;
@ -18,10 +21,13 @@ server {
# ssl_certificate /etc/letsencrypt/live/{{common_name}}/fullchain.pem; # ssl_certificate /etc/letsencrypt/live/{{common_name}}/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/{{common_name}}/privkey.pem; # ssl_certificate_key /etc/letsencrypt/live/{{common_name}}/privkey.pem;
error_page 500 502 503 504 /50x.html;
root {{static_path}}; root {{static_path}};
# Basic DoS prevention measures
limit_conn addr 10;
client_body_timeout 5s;
client_header_timeout 5s;
location /api/ { location /api/ {
proxy_pass http://127.0.1.1:8080/api/; proxy_pass http://127.0.1.1:8080/api/;
proxy_set_header Host $host; proxy_set_header Host $host;
@ -30,6 +36,7 @@ server {
proxy_send_timeout 600; proxy_send_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
send_timeout 600; send_timeout 600;
limit_req zone=api burst=5;
} }
# This is for Let's Encrypt # This is for Let's Encrypt